Bug: Can't track privileges properly

[sam-mosleh]

Probably order issue again?

Step 1

Alter default privilages by applying this:

CREATE USER postgres; -- Why the tmp database has a different username(pgschema) than the one we're connecting with? 
CREATE ROLE readwrite; -- This is creating DX fatigue
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT USAGE ON SEQUENCES TO readwrite;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT DELETE, INSERT, SELECT, UPDATE ON TABLES TO readwrite;

Step 2

Add a new table:

CREATE USER postgres;
CREATE ROLE readwrite;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT USAGE ON SEQUENCES TO readwrite;
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT DELETE, INSERT, SELECT, UPDATE ON TABLES TO readwrite;
CREATE TABLE people (
    id serial PRIMARY KEY,
    people_name text NOT NULL
);

Step 3

Apply again

Expected behavior: To see no changes since we're applying the same file twice
Actual behavior: We're seeing the diff below

Plan: 2 to drop.

Summary by type:
  privileges: 2 to drop

Privileges:
  - readwrite
  - readwrite

DDL to be executed:
--------------------------------------------------

REVOKE USAGE ON SEQUENCE people_id_seq FROM readwrite;

REVOKE DELETE, INSERT, SELECT, UPDATE ON TABLE people FROM readwrite;

Context

Tested version 1.6.1@e839db7

[sam-mosleh]

@tianzhou If you've already decided to implement ALTER DEFAULT PRIVILEGES, are there technical reasons preventing ROLE support? Since ALTER DEFAULT PRIVILEGES depends on roles, including them would significantly improve DX.

[tianzhou]

To clarify, we only implemented ALTER DEFAULT PRIVILEGES IN SCHEMA schema_name, which still under schema level.

ROLE is a database-level command which is not supported by pgschema by design

[sam-mosleh]

It makes sense but by this logic, table privileges shouldn't get implemented at all. As you can see in #236, pgschema requires two roles in the schema file.

[tianzhou]

#227 provides more context about that